formbook | 600bf146efa51b38dceb6271a44fc4cc9bc115d280ef01700305a34b39581b17 | Triage

Submit
Reports

Overview

overview

Static

static

INV IFL NP 22080.doc

windows7_x64

INV IFL NP 22080.doc

windows10_x64

1

Sharing

General

Target

INV IFL NP 22080.doc
Size

1.7MB
Sample

211103-xvx86seec9
MD5

411bc60dedab2323705c49b657990d59
SHA1

c23e28d2fb158e8fc2f3c6179702e2a980b29b54
SHA256

600bf146efa51b38dceb6271a44fc4cc9bc115d280ef01700305a34b39581b17
SHA512

7e5a322da1340f5da09dd6ba52fb455b1ac70b4a0e9e285b2ed37ae399e9d1991b6fd290413d9810dda28f6313b403ec751ee240f045745435af55ffbf84e23f

Score

10^/10

formbook jy0b rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INV IFL NP 22080.doc

Resource

win7-en-20211014

formbook jy0b rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INV IFL NP 22080.doc

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

charlotte-s-creations.com

homenetmidrand.com

sytypij.xyz

tapehitsscriptsparty.com

adelenashville.com

greendylife.com

agbqs.com

lilcrox.xyz

thepersonalevolutionmaven.com

graciasmiangel.com

heidisgifts.com

flchimneyspecialists.com

yorkrehabclinic.com

cent-pour-centsons.com

marcoislandsupsurf.net

expressdiagnostics.info

surferjackproductions.com

duscopy.store

uekra.tech

campaigncupgunplant.xyz

cheetahadvance.com

blickosinski.icu

laketacostahoe.com

drippysupplyco.com

isomassagegun.com

clarition.com

andrew-pillar.com

truthbudgeting.com

cloudfixr.com

cfasministries.com

compliant-now-beta.com

kssc17.icu

plewabuilders.com

uslugi-email.site

167hours.com

sodo6697.com

voyagesify.com

ranodalei.com

culturao.com

littlepotato-id.com

integtiryhvacsanmateo.com

neatmounts.com

reddictnflstream.com

digistore-maya.com

Targets

- Target
  
  INV IFL NP 22080.doc
- Size
  
  1.7MB
- MD5
  
  411bc60dedab2323705c49b657990d59
- SHA1
  
  c23e28d2fb158e8fc2f3c6179702e2a980b29b54
- SHA256
  
  600bf146efa51b38dceb6271a44fc4cc9bc115d280ef01700305a34b39581b17
- SHA512
  
  7e5a322da1340f5da09dd6ba52fb455b1ac70b4a0e9e285b2ed37ae399e9d1991b6fd290413d9810dda28f6313b403ec751ee240f045745435af55ffbf84e23f
Score

10^/10

formbook jy0b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookjy0bratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy